Solved

How to map/configure 2 mail servers behind a firewall on the same LAN/subnet

Posted on 2006-06-17
Last Modified: 2013-11-16
I have a firewall which has 2 mail servers' public SMTP and POP IPs mapped to internal IPs via NAT one-to-one translation on port 25 and port 110.
Example:
               Mail Server 1
               smtp.abc.com (66.92.81.1) map on (port 25) to 192.168.100.5
               pop.abc.com (66.92.81.2) map on (port 110) to 192.168.100.6

               Mail Server 2
               smtp.xyz.com (66.92.81.3) map on (port 25) to 192.168.100.10
               pop.xyz.com (66.92.81.4) map on (port 110) to 192.168.100.11

The problem is that if I turn both SMTP servers on, one or the other's email does not work.

How should I map/configure the 2 mail servers or similar ports behind a firewall on the same LAN/subnet?
What's the right way to do this?
Question by:texter777
6 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 16927035
They should work fine just as they are.
What kind of firewall do you have? Perhaps there is something not configured correctly in it?
0
 

Author Comment

by:texter777
ID: 16927388
SonicWALL PRO 2040.

Mapping one-to-one nat translation.

Rules
---------------
a) Allow * 192.168.100.5 (LAN) Retrieve E-Mail (POP3) [exchange server]
b) Allow * 192.168.100.6 (LAN) Send E-Mail (SMTP) [gfi mail essentials relay]

c) Allow * 192.168.100.10 (LAN) Retrieve E-Mail (POP3) [mailserver2]
d) Allow * 192.168.100.10 (LAN) Send E-Mail (SMTP) [mailserver2]

e) Allow * 192.168.100.5 (LAN) Web (HTTP) Allow [mailserver1]
++For webmail access
f) Allow * 192.168.100.10 (LAN) Web (HTTP) Allow [mailserver2]
++for webmail access
0
 
LVL 1

Expert Comment

by:dlmario
ID: 16927530
Hi texter777,

There should be no problem using multiple SMTP, POP or IMAP servers in the same subnet. Are you sure you are using 4 IP addresses that you are doing NAT from? Why do you NAT your network when you have four external addresses?

To me it seems like you are using one external IP (a DSL for example) and doing NAT from this IP to your private subnet, isn't it?

If not, it should be a setting on your router. Is it possible to do a tcpdump on the mail servers? Are you using Linux machines?

However, theoretically there cannot be a problem using more than one mail server in a network segment - providers are doing the same ;-)

/Mario
0
 

Author Comment

by:texter777
ID: 16927549
Guys,
Thanks for your input.
Mario,
Avoiding external addresses (dual NICs) or DMZ, by using one-to-one NAT.
This method has its con side too, but since we have a kickass hardware firewall,
we have chosen to go with one-to-one NAT mapping.

I think I've found the problem.
Interesting indeed....
The 2nd mail server SMTP was bound ONLY ON the LAN IP address 192.168.100.10
and not on "All Addresses".

This excluded the local loop (127.0.0.1), which made the SMTP unable to natively transfer the email to the POP3 mailboxes/service.

Hence I wasn't seeing the mail in my POP3 box.

Peace.
Texter

0
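The bind mismatch texter777 describes above (SMTP listening only on the LAN address, not on loopback) can be read straight from a host's listener table. The following is an added example, not part of the original thread: it parses `netstat -an` style output and flags ports that a local client connecting to 127.0.0.1 could not reach. The sample output is constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output for the second mail
# server in the thread (192.168.100.10); not captured from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.100.10:25      0.0.0.0:0              LISTENING
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING
  TCP    [::]:110               [::]:0                 LISTENING
  TCP    192.168.100.10:3389    192.168.100.50:51234   ESTABLISHED
"""


def parse_listeners(netstat_text):
    """Return {port: set(ip_address)} for every TCP socket in LISTENING state."""
    listeners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # skips the header row and non-listening connections
        host, _, port = fields[1].rpartition(":")
        addr = ipaddress.ip_address(host.strip("[]"))
        listeners.setdefault(int(port), set()).add(addr)
    return listeners


def loopback_covered(addrs):
    """True if a local client connecting to loopback would reach the service."""
    return any(a.is_unspecified or a.is_loopback for a in addrs)


def audit(netstat_text, ports):
    """Classify each port: 'not listening', 'loopback ok', or 'lan-only'."""
    listeners = parse_listeners(netstat_text)
    result = {}
    for port in ports:
        addrs = listeners.get(port)
        if not addrs:
            result[port] = "not listening"
        elif loopback_covered(addrs):
            result[port] = "loopback ok"
        else:
            result[port] = "lan-only: " + ", ".join(sorted(map(str, addrs)))
    return result


if __name__ == "__main__":
    for port, finding in audit(SAMPLE_NETSTAT, [25, 110, 143]).items():
        print(f"tcp/{port}: {finding}")
```

A "lan-only" result on port 25 matches the situation in the thread: the firewall mapping is fine, but software on the same host that hands mail to SMTP via 127.0.0.1 gets no listener.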
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 17934535
PAQed with points refunded (100)

Computer101
EE Admin
0
